Call WCF RESTful methods using OAuth 2.0

I am looking for any article or forum thread where I could find information on how to do OAuth 2.0 authentication. Specifically, I have an MVC 3 application and a WCF RESTful API, and I have to call the API methods from the web app using OAuth 2.0 authentication. But I could not find any information about it. After googling I see only results on how to develop clients for Facebook, LinkedIn, Google, etc. Any help would be helpful. Thank you.

Tarango answered 12/6, 2012 at 17:37 Comment(0)

You could have a look at DotNetOpenAuth. It has a client library which you can easily install from NuGet here. Using DotNetOpenAuth all the OAuth plumbing is handled behind the scenes.

DotNetOpenAuth:

When you install the NuGet Package: https://www.nuget.org/packages/DotNetOpenAuth.Ultimate/4.3.3.13295

You can set up an OAuth client like this:

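using System;
using DotNetOpenAuth.OAuth2;

// Describes the OAuth 2.0 authorization server the client talks to
var authorizationServerDescription = new AuthorizationServerDescription
{
    ProtocolVersion = ProtocolVersion.V20,
    TokenEndpoint = new Uri("https://yourUrl/token"),
    AuthorizationEndpoint = new Uri("https://yourUrl/authorize")
};

// Client identifier and secret as registered with the authorization server
var client = new WebServerClient(authorizationServerDescription, "ClientIdentifier", "ClientSecret");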

Then you can request an IAuthorizationState like this:

// Resource Owner Password Flow
IAuthorizationState userState = client.ExchangeUserCredentialForToken("userName", "password");

// Client Credential Flow
IAuthorizationState clientState = client.GetClientAccessToken();

The IAuthorizationState contains the AccessToken you can use to authorize against your API. If a RefreshToken is provided you can also refresh your authorization using:

// Returns true if the access token was refreshed
client.RefreshAuthorization(userState);

ThinkTecture:

Alternatively you could use Thinktecture.IdentityModel. If you choose to use Thinktecture's IdentityModel, be sure to check out this post: Introducing OAuth2 Code Flow and Refresh Token Support in Thinktecture IdentityServer, which not only explains how to set up an OAuth token server using Thinktecture, but also how to use the client, including a code sample. Of course you can use this client to validate against another OAuth 2.0 server as long as the parameters are implemented according to the OAuth specifications.

OAuth 2.0 Playground:

If you want to have a better look at the OAuth 2.0 flow, be sure to check out Google's OAuth 2.0 Playground. I think that a lot of people don't know that it is possible to test your own server with it. Just push the 'settings' icon in the top right and set:

OAuth endpoints: Custom

And you're good to go.

Ruebenrueda answered 5/11, 2013 at 20:22 Comment(0)
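
The answer above stops at obtaining the IAuthorizationState. As an added example (not part of the original answer and not DotNetOpenAuth's own sample code), this is one way the MVC application could then call the WCF REST API with that token. The class name ApiCaller, the method GetProtected and the path /api/orders are hypothetical.

```csharp
using System;
using System.IO;
using System.Net;
using DotNetOpenAuth.OAuth2;

public static class ApiCaller
{
    // Hypothetical endpoint of the WCF REST service; replace with your own.
    private static readonly Uri ApiUri = new Uri("https://yourUrl/api/orders");

    public static string GetProtected(WebServerClient client, IAuthorizationState state)
    {
        // A bearer token can be replayed by anyone who observes it: refuse plain HTTP.
        if (ApiUri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Bearer tokens must only be sent over HTTPS.");

        // Refresh only when a refresh token exists; the call is skipped by the
        // library if the access token still has more than one minute to live.
        if (!string.IsNullOrEmpty(state.RefreshToken))
            client.RefreshAuthorization(state, TimeSpan.FromMinutes(1));

        var request = (HttpWebRequest)WebRequest.Create(ApiUri);
        request.Method = "GET";
        request.Accept = "application/json";
        // Do not follow redirects with a credentialed request.
        request.AllowAutoRedirect = false;
        // RFC 6750: send the token in the Authorization header, not in the URL,
        // so it does not end up in server logs or Referer headers.
        request.Headers[HttpRequestHeader.Authorization] = "Bearer " + state.AccessToken;

        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
                return reader.ReadToEnd();
        }
        catch (WebException ex)
        {
            // 401 means the API rejected the token (expired, revoked or wrong scope).
            var http = ex.Response as HttpWebResponse;
            if (http != null && http.StatusCode == HttpStatusCode.Unauthorized)
                throw new UnauthorizedAccessException("Access token rejected; request a new one.", ex);
            throw;
        }
    }
}
```

The WCF service still has to validate the token on every request; attaching the header on the client side does not by itself protect the API.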
